|
|||||
|
|
Cryptanalysis of the RNTS system |
|
| Authors: | Pablo Picazo-Sanchez Lara Ortiz-Martin Pedro Peris-Lopez Julio Cesar Hernandez-Castro |
| Affiliation: | 1. Department of Applied Mathematics, University School of Computer Science (UPM) of Madrid, Madrid, Spain 2. Computer Security Lab (COSEC), Carlos III University of Madrid, Madrid, Spain 3. School of Computing, University of Kent, Canterbury, UK |
| Abstract: | Internet of Things is a paradigm that enables communication between different devices connected to a local network or to Internet. Identification and communication between sensors used in Internet of Things and devices like smart-phones or tablets are established using radio frequency identification technology. However, this technology still has several security and privacy issues because of its severe computational constraints. In 2011, Jeong and Anh proposed the combined use of an authentication radio frequency identification protocol together with a ticket issuing system for bank services (in J. Supercomput. 55:307, 2011). In this paper we show that their message generation is weak, because it abuses the XOR operation and the use of a counter, which leaks too much secret protocol information. Our analysis shows important security faults that ruin most of the security properties claimed in the original paper. More precisely, information privacy (via a disclosure and leakage attack) and location privacy (traceability attack) are both compromised. Moreover, an attacker can disrupt the proper working of the system by exploiting the fact that message integrity is not properly checked. |
| Keywords: | |
| 本文献已被 SpringerLink 等数据库收录! | |